Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1046
Views
0
Helpful
2
Replies

netflow version 5 sampling

linker.team
Level 1
Level 1

‎11-12-2008 06:24 AM

I have created a sampler map and applied it on the interface and got the flows exported. However when I capture the flows in wireshark i cannot see the sampling information on the header.

My configuration is

cisco2811#sh flo

cisco2811#sh flow-sampler

Sampler : nfa, id : 1, packets matched : 2484, mode : random sampling mode

sampling interval is : 100

cisco2811#

cisco2811#sh run | incl flow

flow-sampler-map nfa

flow-sampler nfa

ip flow-export version 5

ip flow-export destination 192.168.112.152 9996

cisco2811#sh ip flow export

Flow export v5 is enabled for main cache

Exporting flows to 192.168.112.152 (9996)

Exporting using source IP address 192.168.118.32

Version 5 flow records

1800 flows exported in 197 udp datagrams

0 flows failed due to lack of export packet

1 export packets were sent up to process level

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

My version is:

Cisco IOS Software, 2800 Software (C2800NM-SPSERVICESK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Wed 28-Nov-07 21:09 by stshen

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Is there any special commands required to populate the sampling interval in the v5 header?

Labels:
0 Helpful
2 Replies 2

owillins
Level 6
Level 6

‎11-18-2008 09:37 AM

Make sure Modular Gigabit Ethernet doesn't support Netflow record.

Specifies a statistical sampling NetFlow export random sampling mode and a packet interval.

mode random one-out-of packet-interval

Example:

Router(config-sampler-map)# mode random one-out-of 100

The random keyword specifies that sampling uses the random sampling mode.

The one-out-of packet-interval argument-keyword pair specifies the packet interval (one out of every n packets) from which to sample. For n, you can specify from 1 to 65535 (packets).

For further information click this link.

http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/nflow_filt_samp_traff_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056811

0 Helpful

linker.team
Level 1
Level 1
In response to owillins

‎11-19-2008 04:46 AM

I have done that. I have created a flow sampler map through that command. However I am not able to see the sampler interval in the netflow V5 packet. In the doc it says you can see the sampling interval in the padding field of the netflow v5 packet.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents